Customizing Error Handling
SuperTokens session recipie can throw the following errors:#
Unauthorised error#
- Thrown when a protected backend API is accessed without a session.
- The default bahaviour of this is to clear session cookies (if any) and send a 401 to the frontend.
- NodeJS
let SuperTokens = require("supertokens-node");let Session = require("supertokens-node/recipe/session");
SuperTokens.init({ supertokens: {...}, appInfo: {...}, recipeList: [ Session.init({ errorHandlers: { onUnauthorised?: (message, request, response, next) => { // TODO: Write your own logic and then send a 401 response to the frontend }, } }) ]});Token theft detected#
- Thrown when a session hijacking attempt has been detected.
- We detect this using rotating refresh tokens.
- The default behaviour of this is to revoke the session and send a
401to the frontend.
- NodeJS
let SuperTokens = require("supertokens-node");let Session = require("supertokens-node/recipe/session");
SuperTokens.init({ supertokens: {...}, appInfo: {...}, recipeList: [ Session.init({ errorHandlers: { onTokenTheftDetected?: (sessionHandle, userId, req, res, next) => { // TODO: Write your own logic and then send a 401 response to the frontend }, } }) ]});